Wireless Access

Hello Airheads,

anyone have problems with Instant IPSEC tunnels terminating on 7210 controllers?

Hi friend,

What is the issue ? I can help you on fixing the issue.

Please feel free to share the issue.

hello Venu,

we have Aruba Instant clusters in the field terminating VPN tunnels onto a 7210 controller

we have set everything up e.g. VPN pool on the controller and peer gateway but we are getting this message in the logs when the tunnel doesn't form

Jan 22 08:59:32 isakmpd[3352]: <103061> <ERRS> |ike|   Unable to get get IP Address from pool

Jan 22 08:59:32 isakmpd[3352]: <103061> <ERRS> |ike|   Unable to get get IP Address from pool

Jan 22 09:00:15 isakmpd[3352]: <103061> <ERRS> |ike|   Unable to get get IP Address from pool

Jan 22 09:00:15 isakmpd[3352]: <103061> <ERRS> |ike|   Unable to get get IP Address from pool

Jan 22 10:24:23 isakmpd[3352]: <103061> <ERRS> |ike|   Unable to get get IP Address from pool

Jan 22 10:24:23 isakmpd[3352]: <103061> <ERRS> |ike|   Unable to get get IP Address from pool

Jan 22 10:24:23 isakmpd[3352]: <103063> <DBUG> |ike|   *** ipc_auth_recv_packet user=24:de:c6:c6:51:0a, pass=******, result=0   ctx:7a7ca4, ctx-innerip:0.0.0.0 l2tp_pool:VPN-pool

Jan 22 10:24:23 isakmpd[3352]: <103063> <DBUG> |ike|   get_ikev2_internal_ip pool VPN-pool

Jan 22 10:24:44 isakmpd[3352]: <103061> <ERRS> |ike|   Unable to get get IP Address from pool

Jan 22 10:24:44 isakmpd[3352]: <103063> <DBUG> |ike|   *** ipc_auth_recv_packet user=24:de:c6:c6:51:0a, pass=******, result=0   ctx:7a5d6c, ctx-innerip:0.0.0.0 l2tp_pool:VPN-pool

Jan 22 10:24:44 isakmpd[3352]: <103063> <DBUG> |ike|   get_ikev2_internal_ip pool VPN-pool

Jan 22 10:25:05 isakmpd[3352]: <103061> <ERRS> |ike|   Unable to get get IP Address from pool

Jan 22 10:25:05 isakmpd[3352]: <103061> <ERRS> |ike|   Unable to get get IP Address from pool

Jan 22 10:25:05 isakmpd[3352]: <103063> <DBUG> |ike|   *** ipc_auth_recv_packet user=24:de:c6:c6:51:0a, pass=******, result=0   ctx:7a53bc, ctx-innerip:0.0.0.0 l2tp_pool:VPN-pool

Jan 22 10:25:05 isakmpd[3352]: <103063> <DBUG> |ike|   get_ikev2_internal_ip pool VPN-pool

ani ideas?

yes Tim we do

Hi

Check whether the pool is exhausted ?

the pool has plenty of addresses spare

Pete

Hi,

The output is clearly saying it is issue with VPN pool. you have to work around the pool.

If no other IPSec is terminated on the same controller, reset the Pool.

Please feel free for any further query on this.

Please check the L2TP pool by running:

show vpdn l2tp local pool

Make sure your pool on that controller is named VPN-pool (case sensitive); as that is what the IAP seems to be looking for in your setup.    Did you specify the pool that is used for the default-vpn-role by chance?

thank you for the reply my friend you were absolutely right it was a naming issue on the vpn pool.

All working now

Pete

p.s. all the feedback was very good and all appreciated thank you